9 changed files with 18 additions and 219 deletions
--- a/0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
+++ b/0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
@ -1,33 +0,0 @@
 From d1ed5c06e3edc5f2b5f3664c80121fa55b0baa95 Mon Sep 17 00:00:00 2001
 From: Gyan Doshi <ffmpeg@gyani.pro>
 Date: Sat, 22 Feb 2025 10:38:53 +0530
 Subject: [PATCH] avcodec/libsvtav1: unbreak build with latest svtav1
 SVT-AV1 made a change in their public API in 988e930c but without a
 version bump or any other accessible marker, thus breaking ffmpeg build
 with current versions of SVT-AV1.
 They have finally bumped versions a month later, so check added.
 ---
 libavcodec/libsvtav1.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/libavcodec/libsvtav1.c b/libavcodec/libsvtav1.c
 index 79b28eb4df..43fe531fde 100644
 --- a/libavcodec/libsvtav1.c
 +++ b/libavcodec/libsvtav1.c
@@ -435,7 +435,11 @@ static av_cold int eb_enc_init(AVCodecContext *avctx)
     svt_enc->eos_flag = EOS_NOT_REACHED;
 +#if SVT_AV1_CHECK_VERSION(3, 0, 0)
 +    svt_ret = svt_av1_enc_init_handle(&svt_enc->svt_handle, &svt_enc->enc_params);
 +#else
     svt_ret = svt_av1_enc_init_handle(&svt_enc->svt_handle, svt_enc, &svt_enc->enc_params);
 +#endif
     if (svt_ret != EB_ErrorNone) {
         return svt_print_error(avctx, svt_ret, "Error initializing encoder handle");
     }
 -- 
 2.48.1
--- a/ffmpeg-7-CVE-2025-22921.patch
+++ b/ffmpeg-7-CVE-2025-22921.patch
@ -1,29 +0,0 @@
 From 7f9c7f9849a2155224711f0ff57ecdac6e4bfb57 Mon Sep 17 00:00:00 2001
 From: James Almer <jamrial@gmail.com>
 Date: Wed, 1 Jan 2025 23:58:39 -0300
 Subject: [PATCH] avcodec/jpeg2000dec: clear array length when freeing it
 Fixes NULL pointer dereferences.
 Fixes ticket #11393.
 Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
 Signed-off-by: James Almer <jamrial@gmail.com>
 ---
 libavcodec/jpeg2000dec.c | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
 index e5e897a29f..b82d85d5ee 100644
 --- a/libavcodec/jpeg2000dec.c
 +++ b/libavcodec/jpeg2000dec.c
@@ -1521,6 +1521,7 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile,
                 }
             }
             av_freep(&cblk->lengthinc);
 +            cblk->nb_lengthinc = 0;
         }
     }
     // Save state of stream
 -- 
 2.44.0
--- a/ffmpeg-7-CVE-2025-25473.patch
+++ b/ffmpeg-7-CVE-2025-25473.patch
@ -1,26 +0,0 @@
 From c08d300481b8ebb846cd43a473988fdbc6793d1b Mon Sep 17 00:00:00 2001
 From: James Almer <jamrial@gmail.com>
 Date: Fri, 17 Jan 2025 00:05:31 -0300
 Subject: [PATCH] avformat/avformat: also clear FFFormatContext packet queue
 when closing a muxer
 packet_buffer is used in mux.c, and if a muxing process fails at a point where
 packets remained in said queue, they will leak.
 Fixes ticket #11419
 Signed-off-by: James Almer <jamrial@gmail.com>
 ---
 libavformat/avformat.c | 1 +
 1 file changed, 1 insertion(+)
 --- a/libavformat/avformat.c
 +++ b/libavformat/avformat.c
@@ -184,6 +184,7 @@
     av_dict_free(&si->id3v2_meta);
     av_packet_free(&si->pkt);
     av_packet_free(&si->parse_pkt);
 +    avpriv_packet_list_free(&si->packet_buffer);
     av_freep(&s->streams);
     av_freep(&s->stream_groups);
     ff_flush_packet_queue(s);
--- a/ffmpeg-7.1.1.tar.xz
+++ b/ffmpeg-7.1.1.tar.xz
--- a/ffmpeg-7.1.1.tar.xz.asc
+++ b/ffmpeg-7.1.1.tar.xz.asc
@ -1,11 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQFMBAABCgA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmfE+J4YHGZmbXBlZy1k
 ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljYNAwH/3i5n8X6+6Gw+1U+k6Lfwe4t
 d1AmG/XyJd3ZkqnSXmtpW/p/DoHaRQLTJMHq/5jWi0Dcpr8M8VD0pZxzEksfy0XY
 xHEqKXRG37/SyoiH39+BXWOSry4shIhzTVfmQi9QGZ0i69J+ZOpP1cImWz2c6QBM
 Q2FMPv1QMVNR2UWHDGgYAvvg2qfJfGgIdQQtvAQe1q3co6LuaZC0ndgoNmNyuPLV
 nNmsoetZucoNC4M7kcevyssrRMDi+yHk5X86LfV/cBY+BKP9X8u8pieXrnctSYAh
 qqBnsg4jSj3fB96QvsFsdbUWEECKm4/gWJngMQTMk2Tg0RpQAwfHvp21Lppo/xw=
 =xzGf
 -----END PGP SIGNATURE-----
--- a/ffmpeg-7.1.tar.xz
+++ b/ffmpeg-7.1.tar.xz
--- a/ffmpeg-7.1.tar.xz.asc
+++ b/ffmpeg-7.1.tar.xz.asc
@ -0,0 +1,11 @@
 -----BEGIN PGP SIGNATURE-----
 iQFMBAABCgA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmb549IYHGZmbXBlZy1k
 ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljYilgH/2sKAFBy8ojPrYxVy7i+O3WO
 bE5lu2yhE6gHkHnxZga5k1uuhkRhapgTiUs9foG0zmL6Qfsg7lJ2EjrieD+hSWsw
 ApqHVW5SUUSrtY0kO9Z/2jQIRBH5JaMPSar6YNPTdXuSUcun784gPgwIGYwzAM/S
 14tkOZpq+X4nSJ4JezJDWeIsdz8zK4gIOuo0eCPbUgZ/A7wUMdypGZ9LOqk/mCc8
 RnErz36HlZzUnGrL73gxsGCQ2PXL+1oMHnt0antF90T4YNusOX9FprclH/jb+RLl
 jTb8RVb/4xJKV96ScMiwy2GaozzXFjzY1X7Gq8WN5NGRlbso6WQpqt8yunD7ib4=
 =A/aU
 -----END PGP SIGNATURE-----
--- a/ffmpeg-7.changes
+++ b/ffmpeg-7.changes
@ -1,88 +1,3 @@
 -------------------------------------------------------------------
 Fri Apr  4 09:34:14 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
 - Disable OpenVINO, too many dependencies for Factory ring1.
 -------------------------------------------------------------------
 Tue Apr  1 23:38:08 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
 - Update to release 7.1.1
  * avformat/wavdec: Fix overflow of intermediate in
    block_align check
  * avformat/dvdvideodec: drop packets with unset PTS or DTS
  * avutil/timecode: Avoid fps overflow in
    av_timecode_get_smpte_from_framenum()
  * avcodec/mjpegdec: Disallow progressive bayer images
  * avformat/mov: don't unconditionally set all audio packets
    in fragments as key frames
  * avcodec/libx265: resolve build failure for
    libx265.so.n, n >= 213
 - Delete ffmpeg-7-CVE-2025-22919.patch,
  ffmpeg-7-CVE-2025-0518.patch, ffmpeg-7-CVE-2025-1816.patch
  (merged)
 -------------------------------------------------------------------
 Tue Mar 25 11:48:21 UTC 2025 - Adrian Schröter <adrian@suse.de>
 - Move BcntSync tag to the %else part where the mini package gets defined
 -------------------------------------------------------------------
 Sun Mar 23 23:21:26 UTC 2025 - Mia Herkt <mia@0x0.st>
 - Build with OpenVINO support in libavfilter
 -------------------------------------------------------------------
 Fri Mar 21 15:28:30 UTC 2025 - Cliff Zhao <qzhao@suse.com>
 - Add ffmpeg-7-CVE-2025-1816.patch:
  Backporting 0526535c from upstream, add missing constrains for
  num_parameters in audio_element_oub().
  (CVE-2025-1816, bsc#1238728)
 -------------------------------------------------------------------
 Sun Mar 23 23:21:26 UTC 2025 - Mia Herkt <mia@0x0.st>
 - Build with OpenVINO support in libavfilter
 -------------------------------------------------------------------
 Wed Mar  5 09:46:09 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
 - Add 0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
  to build with SVT-AV1 3.0.0.
 -------------------------------------------------------------------
 Fri Feb 19 05:17:22 UTC 2025 - Cliff Zhao <qzhao@suse.com>
 - Add ffmpeg-7-CVE-2025-22921.patch:
  Backporting 7f9c7f98 from upstream, clear array length when
  freeing it.
  (CVE-2025-22921, bsc#1237382)
 -------------------------------------------------------------------
 Fri Feb 19 04:27:06 UTC 2025 - Cliff Zhao <qzhao@suse.com>
 - Add ffmpeg-7-CVE-2025-25473.patch:
  Backporting c08d3004 from upstream, clear FFFormatContext packet.
  When packet_buffer is used in mux.c, and if a muxing process fails
  at a point where packets remained in said queue.
  (CVE-2025-25473, bsc#1237351)
 -------------------------------------------------------------------
 Fri Feb 19 03:18:02 UTC 2025 - Cliff Zhao <qzhao@suse.com>
 - Add ffmpeg-7-CVE-2025-0518.patch:
  Backporting b5b6391d from upstream, fixes memory data leak when
  use sscanf().
  (CVE-2025-0518, bsc#1236007)
 -------------------------------------------------------------------
 Fri Feb 19 02:58:01 UTC 2025 - Cliff Zhao <qzhao@suse.com>
 - Add ffmpeg-7-CVE-2025-22919.patch:
  Backporting 1446e37d from upstream, check for valid sample rate
  As the sample rate <= 0 is invalid.
  (CVE-2025-22919, bsc#1237371)
 -------------------------------------------------------------------
 Tue Oct 15 08:18:54 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
@ -107,9 +22,6 @@ Wed Oct  2 08:20:18 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
    disposition
  * LCEVC enhancement data exporting in H.26x and MP4/ISOBMFF
  * LCEVC filter
  * avcodec/mpegvideo_enc: Add check for av_packet_new_side_data (CVE-2024-12361, bsc#1237358)
  * avformat/dump: print only the actual streams in a tile grid group (CVE-2025-22920, bsc#1237380)
  * avcodec/rkmppdec: Fix double-free on error (CVE-2024-35368, bsc#1234028)
 - Delete patches/ffmpeg-7-fix-crashes.patch,
  0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch (merged)
@ -124,16 +36,7 @@ Mon Sep 30 12:34:56 UTC 2024 - olaf@aepfle.de
 Thu Sep 26 10:02:20 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
 - no longer build against libmfx; build also 15.5 against libvpl
- (boo#1230983, boo#1219494)
+ (boo#1230983)
 - dropping support for libmfx below covers:
  * libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
  * libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
  * libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
  * libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
  * libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
  * Multiple vulnerabilities in the Intel Media SDK (libmfx1) (bsc#1226892)
  * Drop libmfx dependency from our product (jira #PED-10024)
 -------------------------------------------------------------------
 Wed Aug 21 09:58:42 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
@ -167,13 +70,6 @@ Wed Aug  7 07:37:24 UTC 2024 - Cliff Zhao <qzhao@suse.com>
  * avfilter/vf_tiltandshift: fix buffer offset for yuv422p input (CVE-2024-32229, bsc#1227295)
  * avcodec/mpegvideo_enc: Fix 1 line and one column images (CVE-2024-32230, bsc#1227296)
  * avcodec/pnmdec: Use 64bit for input size check (CVE-2024-7055, bsc#1229026)
  * fftools/ffmpeg_mux_init: Fix double-free on error (CVE-2024-35365, bsc#1235091)
  * avformat/dxa: Adjust order of operations around block align (CVE-2024-36613, bsc#1235092)
  * avfilter/vf_minterpolate: Check pts before division (CVE-2023-51798, bsc#1223304)
  * avfilter/vf_weave: Fix odd height handling (CVE-2023-51793, bsc#1223272)
  * avfilter/vf_gradfun: Do not overread last line (CVE-2023-50010, bsc#1223256)
  * avfilter/af_stereowiden: Check length (CVE-2023-51794, bsc#1223437)
  * avutil/hwcontext: Don't assume frames_uninit is reentrant (CVE-2024-31578, bsc#1223070)
 - Drop ffmpeg-7-CVE-2024-32228.patch:
  The fix has been merged.
 - Drop ffmpeg-7-CVE-2024-32229.patch:
--- a/ffmpeg-7.spec
+++ b/ffmpeg-7.spec
@ -1,7 +1,7 @@
 #
 # spec file for package ffmpeg-7
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -96,7 +96,7 @@
 %define _major_expected 8
 Name:           ffmpeg-7
-Version:        7.1.1
+Version:        7.1
 Release:        0
 Summary:        Set of libraries for working with various multimedia formats
 License:        GPL-3.0-or-later
@ -120,9 +120,6 @@ Patch5:         work-around-abi-break.patch
 Patch10:        ffmpeg-chromium.patch
 Patch91:        ffmpeg-dlopen-openh264.patch
 Patch15:        11013-avcodec-decode-clean-up-if-get_hw_frames_parameters-.patch
 Patch18:        ffmpeg-7-CVE-2025-25473.patch
 Patch19:        ffmpeg-7-CVE-2025-22921.patch
 Patch20:        0001-avcodec-libsvtav1-unbreak-build-with-latest-svtav1.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel >= 3.98.3
@ -810,14 +807,8 @@ done
 %else
 %define _name ffmpeg
 # Patches may subtly change internal APIs, so we're sticking %%release in
 # Requires lines. It also conveniently blocks openSUSE libav* being combined
 # with Packman libav*, due to PM's unique %%release numbers.
 # This use of %%release with %flavor however requires bcnt synchro:
 #
 #!BcntSyncTag:  ffmpeg-7
 Name:           ffmpeg-7-mini
-Version:        7.1.1
+Version:        7.1
 Release:        0
 Summary:        Set of libraries for working with various multimedia formats
 License:        GPL-3.0-or-later